
One IP was down. The one above, typed into Firefox, offered me a file to download. I have the file; it is machine code (pretty sure).

What bothers me most is during my learning curve I ended up reloading almost every box on my network. I did a Trend Micro scan on my surfing box and only found three cookies. I really don't think this is coming from my network, but it would be nice to know for sure and to keep my logger quiet.
Thanks a lot for all responses
J

Why is information coming from the loopback address.. or have you dummied this?..

Where are you running SNORT? I assume that is your first line, or is it SORT?.. Is it running on the smoothwall box or are you running it locally on one of your PCs? In other words, where are you recording this information...

One IP was down. The one above, typed into Firefox, offered me a file to download. I have the file; it is machine code (pretty sure).

Well, what sort of a file is it.. does it have a name.. how about sharing it with us to dissect (zip it and upload)

"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

>Why is information coming from the loopback address.. or have you dummied this?..

I did dummy it; the real address is my external IP.

>Where are you running SNORT? I assume that is your first line, or is it SORT?.. Is it running on the smoothwall box or are you running it locally on one of your PCs? In other words, where are you recording this information...

It is running on my firewall (smoothwall)

>Well, what sort of a file is it.. does it have a name.. how about sharing it with us to dissect (zip it and upload)

Not even close
I can post my IP, just not used to seeing IPs listed. I almost didn't post the other, but since it was "live" I figured I could pull it if needed.

>Good reply SirDice as you well know, this is not my area at all, but I do recall something about cookies (very large ones?) causing this sort of reaction?
>Cookies and any type of URL with a large (hexadecimal) string in them.

If that were the case, wouldn't I see port 80 or a common port instead of them being different, i.e. "2433"?

Oh, I do have BitTorrent running on one of my internal boxes.
I am under the impression that this is a false positive. How do I look at the traffic?
Thanks again
jeremy

I did a scan at VirusTotal on the file I downloaded and it came back clean.
That address is still handing out files, so I got a few more and used a hex editor.
It looks to me like it is encrypted. No steady breaks or file size.